diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix
index e0a0797..544f722 100644
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@@ -8,7 +8,6 @@
 ./services/ankisyncd.nix
 ./services/binary-cache.nix
 ./services/dnsmasq.nix
- ./services/drone
 ./services/factorio.nix
 ./services/gitea.nix
 ./services/grafana.nix
diff --git a/machines/fuuko/secrets.yaml b/machines/fuuko/secrets.yaml
index 81414a0..b1a9ddb 100644
--- a/machines/fuuko/secrets.yaml
+++ b/machines/fuuko/secrets.yaml
@@ -1,5 +1,3 @@
-drone-rpc-environment: ENC[AES256_GCM,data:2Alck43ZrOFzhY7fKonIyboROD5qGuKkalTXlUZM0vBYTNeFLblU4u4tIIaA4t9nNO4=,iv:EakQQ/8pVZlIzM9PbNB0EGzSW46t/dWbxOtQo6uVAhs=,tag:NEhSgzkx8AxIjqtGetGG9w==,type:str]
-drone-server-environment: ENC[AES256_GCM,data:73uDSq+u3nGiKhLqdhdegTIvec9mF9jxVLJLtCjer5jUiFEZu5PkeYv0AWAyLWbB7s8b0V+4fxNQo/QsAfBWH0eP2TVOAy1TAo/sOso9PEVRaQCdilw39UJBdT8II3dy9YIfGFUXRUXCMU+1xfzUFjhU0s7sc+mYQ4jEj2ZX90UbUDcbgppNjC7KIHo8mQdrxFHeMq+wQpaoncwFMlwwzn8lFlG75+dMnkPGYa4xSqkwjHn2tewLM8f9dCiBQVoMVQCWo+1RieMq2cd3CYEkP7MPl+y3OA==,iv:kggBBXdN01LJ82azzxOZap1lfWglshCjkKqaU+oi+T4=,tag:Zg0Ay2aLGok4fgX3/y4ILA==,type:str]
 gitea-mail: ENC[AES256_GCM,data:ck4S9YJ1BLUb6+mOrRmg22KWI1xQwsdIw1dowNk1OOk=,iv:+aQiTSGzmBOLYbIVgwH/SIhslKgdJKoL1ZaGAXCeqHY=,tag:H3vCEGMktqAV/9BASVR5tg==,type:str]
 go-neb-overrides: ENC[AES256_GCM,data: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,iv:tniWSP8RgSDJ8ap+PK83TcPAvRdaXWC/gchF6+8uffs=,tag:SC6RB8zyVmjjbLA73cFb4A==,type:str]
 hcloud_exporter-environment: ENC[AES256_GCM,data:TPMeNK7uC716PC8UqDCnUKtriueIkg3l1ql9e3lse46Ko3TVvwW1oAQRSbwK8CG5AjuF2s2Y8GJdYcI8PN6Z5kERYF1RL2GDpN4pLSuw/l0YqsFkt0uK,iv:cmB+hZHvbk1p8uRmLDyYdPr6rTsFxKcoTcQVo729sAQ=,tag:nkiSvy7rsoInDN0l+1FOOQ==,type:str]
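Review bot: Deleting `drone-rpc-environment` and `drone-server-environment` from secrets.yaml does not retire the credentials they held; both ciphertexts stay in the repository history and remain decryptable with the existing sops keys. The deleted server.nix passed both files to drone-server through `EnvironmentFile`, so they presumably carried the runner RPC secret and the Gitea OAuth client credentials; the OAuth application should be deleted on the Gitea side and the values treated as retired. Related leftover state from the server.nix hunk: dropping `ensureDatabases = [ "drone-server" ];` stops NixOS from creating the database but does not drop it, so the Drone database and its role stay in PostgreSQL until removed by hand. I would record both steps in the commit description, e.g. `Gitea OAuth app for Drone deleted; drone-server database and role dropped manually.`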
@@ -17,8 +15,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2021-08-28T11:43:22Z"
- mac: ENC[AES256_GCM,data:vMOdapzHflV6LtUQbSmP2y0wgPXFxKqC3XtVfThy7DvBcZNSa/TN/ZOGMdKXx4qX0na1lwd8JEQ97i4FOgyediCwshjJXVFLqcFP5roXlA+hgeWtWEsrWdnZlz9KoWsFX5Cm+QU3oV+0g8tAnznfXCwDPlBTnqPAnj8BtjQVSIc=,iv:8F07K351cJBpNA0BURSeVYeW7CuC9hpNeODNF8Qq2W4=,tag:BHx83f+hHghPEt7q5xzVyg==,type:str]
+ lastmodified: "2022-01-14T16:18:19Z"
+ mac: ENC[AES256_GCM,data:i6TJ+X85H+ptli5GaodNh6KbjqBLuJcs/Cy88JIQdq5az6nVJUtB55SuhkOAu35pPqlGX4tTBRO7OHupkEwS0Gpl2rC+OQB8gvnfuANzK8uFKGs4EK29BJsqNjsRdDmH1NjGjrIjau4spLz0wfELUcKtKofkZeLvzITsgzjRj+4=,iv:ZuFOIeXb+k1PWfWYPyIBKAnBaLZu+E4SeThysXCQ+iI=,tag:BFMwx9Am66pRSmWQWnVpgA==,type:str]
 pgp:
 - created_at: "2021-04-06T11:27:21Z"
 enc: |
diff --git a/machines/fuuko/services/drone/default.nix b/machines/fuuko/services/drone/default.nix
deleted file mode 100644
index 346d4be..0000000
--- a/machines/fuuko/services/drone/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- imports = [
- ./runner-exec.nix
- ./server.nix
- ];
-}
diff --git a/machines/fuuko/services/drone/runner-exec.nix b/machines/fuuko/services/drone/runner-exec.nix
deleted file mode 100644
index 41c8ad1..0000000
--- a/machines/fuuko/services/drone/runner-exec.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-# adapted from https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modules/drone/exec-runner.nix
-{ config, lib, pkgs, ... }:
-let
- user = "drone-runner-exec";
- group = "drone-runner-exec";
-
- availablePkgs = with pkgs; [
- bash
- git
- git-lfs
- gnutar
- gzip
- nixFlakes
- ];
-in
-{
- systemd.services.drone-runner-exec = {
- wantedBy = [ "multi-user.target" ];
- # might break deployment
- restartIfChanged = false;
- confinement = {
- enable = true;
- packages = availablePkgs;
- };
- path = availablePkgs;
- environment = {
- DRONE_HTTP_BIND = ":3002";
- DRONE_RPC_HOST = "ci.sbruder.de";
- DRONE_RPC_PROTO = "https";
- DRONE_RUNNER_CAPACITY = "2";
- NIX_REMOTE = "daemon";
- PAGER = "cat";
- };
- serviceConfig = {
- EnvironmentFile = lib.singleton config.sops.secrets.drone-rpc-environment.path;
- BindPaths = [
- "/nix/var/nix/daemon-socket/socket"
- "/run/nscd/socket"
- ];
- BindReadOnlyPaths = [
- "/etc/group:/etc/group"
- "/etc/machine-id"
- "/etc/nix:/etc/nix"
- "/etc/passwd:/etc/passwd"
- "/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts"
- "/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt"
- "/etc/static"
- "/nix"
- ];
- ExecStart = "${pkgs.drone-runner-exec}/bin/drone-runner-exec";
- User = user;
- Group = group;
- };
- };
-
- users.users."${user}" = {
- isSystemUser = true;
- inherit group;
- };
- users.groups."${group}" = { };
-}
diff --git a/machines/fuuko/services/drone/server.nix b/machines/fuuko/services/drone/server.nix
deleted file mode 100644
index f5fded6..0000000
--- a/machines/fuuko/services/drone/server.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-# adapted from https://github.com/Mic92/dotfiles/blob/master/nixos/eve/modules/drone/server.nix
-{ config, lib, pkgs, ... }:
-let
- user = "drone-server";
- group = "drone-server";
-in
-{
- sops.secrets = {
- drone-rpc-environment.sopsFile = ../../secrets.yaml;
- drone-server-environment.sopsFile = ../../secrets.yaml;
- };
-
- systemd.services.drone-server = {
- wantedBy = [ "multi-user.target" ];
- after = [ "postgres.service" ];
- environment = {
- DRONE_DATABASE_DATASOURCE = "postgres:///drone-server?host=/run/postgresql";
- DRONE_DATABASE_DRIVER = "postgres";
- DRONE_GITEA_SERVER = "https://git.sbruder.de";
- DRONE_PROMETHEUS_ANONYMOUS_ACCESS = "true";
- DRONE_SERVER_HOST = "ci.sbruder.de";
- DRONE_SERVER_PORT = "127.0.0.1:8011";
- DRONE_SERVER_PROTO = "https";
- DRONE_USER_CREATE = "username:simon,admin:true";
- };
- serviceConfig = {
- EnvironmentFile = with config.sops.secrets; [
- drone-rpc-environment.path
- drone-server-environment.path
- ];
- ExecStart = "${pkgs.drone}/bin/drone-server";
- Restart = "on-failure";
- User = user;
- Group = group;
- };
- };
-
- services.postgresql = {
- ensureDatabases = [ "drone-server" ];
- ensureUsers = [{
- name = user;
- ensurePermissions = {
- "DATABASE \"drone-server\"" = "ALL PRIVILEGES";
- };
- }];
- };
-
- services.nginx.virtualHosts."ci.sbruder.de" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".proxyPass = "http://${config.systemd.services.drone-server.environment.DRONE_SERVER_PORT}";
- "/metrics".return = "403";
- };
- };
-
- users.users."${user}" = {
- isSystemUser = true;
- inherit group;
- };
- users.groups."${group}" = { };
-}
diff --git a/machines/fuuko/services/prometheus.nix b/machines/fuuko/services/prometheus.nix
index 9a976a6..684cf08 100644
--- a/machines/fuuko/services/prometheus.nix
+++ b/machines/fuuko/services/prometheus.nix
@@ -94,14 +94,6 @@ in
 };
 }
 )
- {
- job_name = "drone";
- static_configs = mkStaticTarget config.systemd.services.drone-server.environment.DRONE_SERVER_PORT;
- relabel_configs = lib.singleton {
- target_label = "instance";
- replacement = "ci.sbruder.de";
- };
- }
 {
 job_name = "dnsmasq";
 static_configs = mkStaticTarget (with config.services.prometheus.exporters.dnsmasq; "${listenAddress}:${toString port}");